You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@dubbo.apache.org by GitBox <gi...@apache.org> on 2022/03/31 03:59:52 UTC

[GitHub] [dubbo] guohao edited a comment on issue #9867: Dubbo是否受spring的0day RCE漏洞影响

guohao edited a comment on issue #9867:
URL: https://github.com/apache/dubbo/issues/9867#issuecomment-1084046830


   > > Dubbo only add beans to Spring container, it does not use Spring functions or expose web services by Spring. So this RCE will not affect Dubbo. But applications that adopt JDK 9+ and Spring should try some temporary fixs to avoid this REC.
   > 
   > 是否意味着如果项目只使用了dubbo，未使用spring的话，是不受影响的
   
   Yes , the root cause for this RCE is requests from HTTP to SpringWeb may trigger reflection to execute any code.  Projects do not expose HTTP service with Spring will not be effected.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org